20 Questions For Preparing An IT Risk Assessment

Many small businesses are being dragged into the arena of IT risk assessment by larger client companies, suppliers, or regulators.  Common scenarios include credit card (PCI) or HIPAA compliance.  Since the Target breach, smaller vendors and supplier companies who have a network connection into the IT operations of a larger company are being required to undergo the same sort of vulnerability and risk assessment procedures ...


Cybersecurity – Where Are We?

Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going.  This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences.  I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference.  Here are some highlights and insights ...


Setting Up TFA Without Authenticator

Maybe you like the idea of two-factor authentication, but the Google Authenticator smartphone app seems too cumbersome.  Or maybe you are not a smartphone owner, because you don’t like the idea of a phone that can track your location to within a few feet, and keeps sharing all your personal data with the apps on your phone.  So you own a flip phone with ...


Removing TFA from an Account in Authenticator

Google Authenticator is my favorite go-to app for setting up two-factor authentication.  But what if you want to remove an account from Google Authenticator?

I set up two-factor authentication for Facebook and the Authenticator app did not work.  So I tried again, and ended up with two accounts on the Authenticator list, neither of which worked.  This pushed other working accounts down far enough that ...


Personal Privacy Through Email Encryption

One of the easiest ways for an intruder to learn about you is through a compromised email account.  And since most email is transmitted in the clear or in plain text, it is a simple thing for a bad actor to read intercepted email traffic.  Encrypting your email makes it harder for criminals, competitors, law enforcement, and government spy agencies to read your email messages.

You can set up secure email yourself using ...


Smartphone and Tablet Security Solutions

On Wednesday we discussed the many, many ways your smartphone is vulnerable to attack.  Today we will look at solutions.  Smart mobile devices need to be secured just as you would a laptop or desktop computer.  The small size and easy portability of smartphones and tablets make them easier to steal or lose.  Some of our recommendations:

  • Record the electronic serial number (ESN) of your phone or tablet. This is information you will ...

Your Smartphone and Tablet Need Security Too

Mobile smart devices have all the capabilities of a laptop or computer.  What this means from a cybersecurity perspective is that they are every bit as vulnerable as a laptop or desktop computer.  The fact that they are small makes them easy for a thief to slip in a pocket or backpack and carry away, along with your personal information, contacts, pictures, geo-location history, and a raft of critical and revealing information.

In ...


Does Windows 10 Violate HIPAA, GLBA, and SOX?

Microsoft has made Windows 10 one of the most highly personalized and cloud-integrated operating systems ever, and this may introduce new security risks into using your computer.  They do this by keeping track of what you do, where you go on the Internet, and what you are typing.  This is how features such as Cortana get to know your preferences, and begin to make suggestions.  Microsoft says this information is scrubbed ...


How Did They Take Over My Computer?

Computer breaches can happen many ways, but the two most common are stolen credentials, and phishing emails.  Credentials, your user name and password, sometimes are stolen from a web server breach, and then sold online on the criminal marketplaces.  Or sometimes you are tricked into giving them up on clever fake websites.  Phishing is one way that credentials are stolen.  The links in phishing emails often will direct the unwary user to the fake web page with the helpful web ...
